GrapheneOS calls on privacy focused app developers to boycott European Unified Attestation

GrapheneOS is heavily against Unified Attestation, which is a new initiative from the EU. The company outright rejects this initiative, calling it no better than Google Play’s integrity. Recently, there were many issues with the X app for GrapheneOS users, and they allege that the new rules are the cause.

GrapheneOS published its main statement on X, and the team actively calls on all privacy-focused app developers to boycott this new Unified Attestation project, and that phone companies should have the power to decide which operating systems run apps.

The company also expressed confidence that X would permit GrapheneOS, but asking each app for permission individually is not the right fix for this problem. They’ve mentioned clear reasons for rejecting this proposal. No legitimate purpose exists for Play Integrity or Unified Attestation, and both systems make GrapheneOS fail on purpose because it does not run proper hardware attestation checks, and GrapheneOS is an objectively private and secure software.

Community members on X and Reddit agree with these dangers, and the new rules even block custom ROMs such as LineageOS. GrapheneOS doesn’t see Unified Attestation as a solution, but just adds another new gatekeeper, replacing Google controls with a vendor-managed list.

The main argument made is that companies that sell phones should not be deciding which operating systems are allowed to run apps. Many Custom ROM users were left unable to use banking apps, and even apps such as X, because they fail the Google Play Integrity check, or the new Unified Attestation check.

A stronger alternative is proposed, which is standard hardware attestation. It verifies devices without third-party servers, and developers can whitelist GrapheneOS for full compatibility. If enough app developers end up rejecting Unified Attestation, it’ll help in preserving your phone freedom.

Discussions on the GrapheneOS Community also agree that these restrictive checks add nothing to security and only take freedom away.

It’s not just X that’s affected. Important enterprise applications like Microsoft Authenticator might stop working because Microsoft has decided to comply with Google Play Integrity rules. You can read about that here.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.